(Note: recent events have lead to these topics being in the news quite often in recent weeks. However, Pond is not a reaction to those events - it was started nearly a year ago.)
For secure, synchronous communication we have OTR and, when run over Tor, this is pretty good. But while we have secure asynchronous messaging in the form of PGP email, it's not forward secure and it gratuitously leaks traffic information. While a desire for forward secure PGP is hardly new, it still hasn't materialised in a widely usable manner.
Additionally, email is used predominately for insecure communications (mailing lists, etc) and is useful because it allows previously unconnected people to communicate as long as a (public) email address is known to one party. But the flip side to this is that volume and spam are driving people to use centralised email services. These provide such huge benefits to the majority of email communication, so it's unlikely that this trend is going to reverse. But, even with PGP, these services are trusted with hugely valuable traffic information if any party uses them.
So Pond is not email. Pond is forward secure, asynchronous messaging for the discerning. Pond messages are asynchronous, but are not a record; they expire automatically a week after they are received. Pond seeks to prevent leaking traffic information against everyone except a global passive attacker.
Dear God, please don't use Pond for anything real yet. I've hammered out nearly 20K lines of code that have never been reviewed. Unless you're looking to experiment you should go use something that actually works.
Please email any feedback to agl at imperialviolet dot org or else use GitHub's tools.
User Guide (for CLI) Threat Model Technical Details Source Code
These are very simple build instructions that will get Pond running from source. You should read the commands before running them because, if nothing else, it'll put your GOPATH in ~/gopkg, which may not be where you want.
First, install Go. The packaged version of Go (usually called golang) is unlikely to work.
sudo apt-get install git libgtk-3-dev libgtkspell3-3-dev libtspi-dev trousers tor mercurial tpm-tools cd mkdir gopkg export GOPATH=$HOME/gopkg go get github.com/agl/pond/client $GOPATH/bin/client
Same as Ubuntu, above, but 1) on the go get command line add -tags ubuntu before the URL and 2) the gtkspell package is called libgtkspell-3-dev. On more recent versions of Debian, the instructions should be exactly the same as Ubuntu.
First, if you have not done so already, configure Tails persistence (Applications → Tails → Configure persistent volume) to persist "Personal Data", "APT Packages", "APT Lists", and "Dotfiles". A reboot is required after these settings are changed.
Next, when starting Tails, click "Yes" at the "More options?" prompt to set an Administration password. You'll need this password to install Pond's dependencies.
Next, open a Terminal and copy and paste the following commands to build and install Pond:
echo 'export GOPATH=$HOME/Persistent/go/' >> ~/.bashrc . ~/.bashrc mkdir $GOPATH alias pond-build='sudo bash -c "sudo apt-get update && \ apt-get install -y -t testing golang && \ apt-get install -y gcc git mercurial libgtk-3-dev libgtkspell-3-dev libtspi-dev trousers" && \ go get -u -tags ubuntu github.com/agl/pond/client && \ echo "Success." || echo "Sorry, something went wrong."' alias pond-install-deps='sudo apt-get install libtspi1 libgtkspell-3-0' alias pond='$GOPATH/bin/client' alias pond-cli='$GOPATH/bin/client --cli' alias|grep pond >> ~/.bashrc pond-build
Finally, run the following command (if you have not previously done so) to add your ~/.bashrc to the persistent storage:
cp ~/.bashrc /live/persistence/TailsData_unlocked/dotfiles/.bashrc
Each time you start Tails in the future, before you can run Pond, you'll just need to reinstall its runtime dependencies using the pond-install-deps command.
At this point, you should be able to run Pond's graphical interface with the pond command, or run its command-line interface with the pond-cli command.
From time to time you can re-run the pond-build command to update to the latest version.
Fedora's golang package appears to be completely broken, so this installs Go from source.
sudo yum install gtk3-devel gtkspell3-devel gcc trousers-devel git mercurial tor sudo systemctl start tor cd git clone https://github.com/golang/go cd go/src ./all.bash cd export PATH=$PATH:$HOME/go/bin mkdir gopkg export GOPATH=$HOME/gopkg go get github.com/agl/pond/client $GOPATH/bin/client
yaourt -S trousers mercurial tor go cd mkdir gopkg export GOPATH=$HOME/gopkg go get github.com/agl/pond/client systemctl start tor.service $GOPATH/bin/client
In order to actually use the TPM, you'll need to systemctl start tcsd.
It's possible to get Pond building on OS X after spending lots of time with homebrew. Something that's known to have worked,
// You will require Tor to run Pond. If you do not already have it, you can get // it from https://www.torproject.org/download/download.html.en . Running the Tor // Browser Bundle is enough. // These instructions assume the use of the Homebrew package manager for OSX. // If you are already using macports or fink (competing package managers), you may // not be able to follow these instructions. If you are not using any of these and // need to install homebrew, you can find the instructions on doing so at // http://brew.sh/ // Install prerequisites for running Pond brew install go gtk+3 gtkspell3 mercurial // You can either edit the GTK+ package build to use Quartz (the OS X graphics // library) directly, or install XQuartz, an X server with a Quartz backend. // XQuartz can be installed from http://xquartz.macosforge.org/. Otherwise: brew edit gtk+3 // ... and then add --enable-quartz-backend to the configure arguments // Add your go environment variable settings export GOPATH=$HOME/gopkg export PATH=$PATH:$GOPATH/bin export PKG_CONFIG_PATH=/opt/X11/lib/pkgconfig:/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH // You need to also add these to your ~/.profile file if you want to run pond again after reboot, unless you want to manually apply the settings each time you run pond. // Finally, install pond: go get github.com/agl/pond/client // now `client` should be in your path
However, unless you are already familiar with GTK development on OS X, I'd suggest using a Linux machine at this point. Since OS X development doesn't occur on my main development machine, I have to move patches across which also means that github doesn't always have the most up-to-date OS X changes.
If you just want the CLI version of Pond, you can use the nogui tag like so:
brew install go export GOPATH=$HOME/gopkg export PATH=$PATH:$GOPATH/bin go get -tags nogui github.com/agl/pond/client alias pond="$GOPATH/bin/client"
WARNING: there are no TPM chips in Macs and, since they generally use SSDs, which are log structured internally, messages cannot be safely erased. There is a firmware NVRAM on Macs that could be used for erasure storage, but I haven't written support for that yet.
Note: this documentation is included for completeness but most users are not expected to run their own servers. At this point in the development, things are still changing and one may need to observe the development in order to know when server updates are needed.
Create a user called pond and make sure its go environment is setup:
export GOPATH=/home/pond/go export PATH=$PATH:$GOPATH/bin
Note that the pond server logs to stdout.
% cd /home/pond % mkdir pond-server-base % server --init --base-directory /home/pond/pond-server-base 2013/12/24 16:35:46 Started. Listening on port 16333 with identity FJPZWT4E6Y3BOYYXSLJII4EMZPFCU7CDL7DM3AZ4V65X4TGDKN6A
% cd /home/pond % server --base-directory /home/pond/pond-server-base 2013/12/24 16:35:46 Started. Listening on port 16333 with identity FJPZWT4E6Y3BOYYXSLJII4EMZPFCU7CDL7DM3AZ4V65X4TGDKN6A
Make a torrc for your hidden service, as in this snippet:
HiddenServiceDir /var/lib/tor/pond_server/ HiddenServicePort 16333 127.0.0.1:16333Restart tor and then get your .onion addr:
% service tor restart % cat /var/lib/tor/pond_server/hostname aj642zdpke4dzgf3.onion
Construct your Pond server url like this: pondserver:// + pond_server_id + @ + onion_address. The example above would yield:
pondserver://FJPZWT4E6Y3BOYYXSLJII4EMZPFCU7CDL7DM3AZ4V65X4TGDKN6A@aj642zdpke4dzgf3.onion
The Pond server doesn't fork into the background so systemd provides a nice way to run it as a service. Here's an example unit for doing so:
[Unit] Description=Pond After=network.target [Service] User=pond ExecStart=/home/pond/go/bin/server --base-directory /home/pond/pond-server-base StandardOutput=syslog StandardError=syslog [Install] WantedBy=multi-user.target